<?php
require_once("constant.php");   //include config file
date_default_timezone_set(TIMEZONE);  

class DB{
	public $localhost;
	public $username;
	public $password;
	public $db;
	public $conn;

	/**
   * DB类构造函数
   */
	public function DB($host=DB_HOST ,$username=DB_USER,$password=DB_PASSWORD,$dbname=DB_NAME){
		$this->localhost = $localhost;
		$this->username = $username;
		$this->password = $password;
		$this->db = $db;
		$this->open();
	}

	/**
	* open db
	*/
	public function open(){
		// echo $this->host ."--". $this->username ."--" .$this->password ;
		$this->conn = mysql_connect($this->localhost,$this->username,$this->password);
		mysql_select_db($this->db);
		mysql_query("SET CHARACTER SET utf8");
	}

	/**
	* close db
	*/
	public function close(){
		mysql_close($this->conn);
	}

	// add user
	public function addUser(){
		//$sql = "INSERT INTO user (name, pass, email, gender, image) 
		//VALUES ('Glenn', '123', 'hello@uic.edu.hk','M','upload/a.jpg')";

		$sql = "INSERT INTO staffinfo (name, password, position, email, image, sex, birth, level) 
		VALUES ('".$_POST['name']."', '".$_POST['password']."', '".$_POST['position']."','".$_POST['email']."','".$_POST['image']."','".$_POST['gender']."','".$_POST['birth']."','".POST_['level']."')";
		mysql_query($sql,$this->conn);
		$id = mysql_insert_id($this->conn);
		return $id;
	}

	// get all users
	public function getUsers(){
		$sql = "SELECT * FROM staffinfo";
		$result = mysql_query($sql,$this->conn);
		return $result;
	}

	// get one user
	public function getUser($name,$pass,$level){
		if($level=='manager')
        {
            $sql = "SELECT * FROM staffinfo where name = '$name' and password = '$pass' and level = '$level' limit1";
            $result = mysql_query($sql,$this->conn);
            if(mysql_fetch_row($result))
               {
                return 1;
            }
            return 0;
        }
        else
        {
             $sql = "SELECT * FROM staffinfo where name = '$name' and password = '$pass' and level = '$level' limit1";
            $result = mysql_query($sql,$this->conn);
            if(mysql_fetch_row($result))
               {
                return 1;
            }
            return 0;
        }
        
	}



}

?>
